CVE-2023-5992 — MEDIUM (5.6)

Q: What is CVE-2023-5992?

CVE-2023-5992 is a vulnerability with a CVSS score of 5.6 (MEDIUM). A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

Q: How severe is CVE-2023-5992?

CVE-2023-5992 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-5992?

Check the references section above for vendor advisories and patch information. Affected products include: Opensc Project Opensc, Redhat Enterprise Linux, Redhat Enterprise Linux Eus, Redhat Enterprise Linux For Arm 64, Redhat Enterprise Linux For Arm 64 Eus.

Vulnerability Description

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

CVSS Score

5.6

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Opensc Project	Opensc	< 0.25.0
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Eus	9.4
Redhat	Enterprise Linux For Arm 64	8.0_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	9.4_aarch64
Redhat	Enterprise Linux For Ibm Z Systems	8.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	9.4_s390x
Redhat	Enterprise Linux For Power Little Endian	9.0_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	9.4_ppc64le
Redhat	Enterprise Linux Server Aus	9.4
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	9.2

Related Weaknesses (CWE)

CWE-203

References

https://access.redhat.com/errata/RHSA-2024:0966Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0967Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5992Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2248685Issue Tracking
https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992Vendor Advisory
https://www.usenix.org/system/files/usenixsecurity24-shagam.pdfExploitTechnical Description
https://access.redhat.com/errata/RHSA-2024:0966Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0967Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5992Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2248685Issue Tracking
https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html
https://lists.fedoraproject.org/archives/list/[email protected]
https://lists.fedoraproject.org/archives/list/[email protected]
https://lists.fedoraproject.org/archives/list/[email protected]

FAQ

What is CVE-2023-5992?

CVE-2023-5992 is a vulnerability with a CVSS score of 5.6 (MEDIUM). A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

How severe is CVE-2023-5992?

CVE-2023-5992 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5992?

Check the references section above for vendor advisories and patch information. Affected products include: Opensc Project Opensc, Redhat Enterprise Linux, Redhat Enterprise Linux Eus, Redhat Enterprise Linux For Arm 64, Redhat Enterprise Linux For Arm 64 Eus.